Security Watch

Related Links

Officials at Sun Microsystems Inc. moved to expand the company's presence in identity management last month by signing an agreement to buy Waveset Technologies Inc., a company based in Austin, Texas, that provides software for controlling access to enterprise systems and data.

Sun's Java Enterprise System offers strong directory services and has a repository to store users' network identity information, said Steve Pelletier, the company's vice president of network identity, communication and portal products. But what's missing is a user-provisioning capability, which is one of Waveset's strengths, he said. User provisioning is the process of creating and deleting user accounts from systems throughout the user life cycle.

Many of Sun's customers wanted the company to improve its user-provisioning capabilities and suggested that it partner with Waveset, Pelletier said. The companies have been working together for about a year, and Sun has come to view Waveset "as the market leader in user provisioning," he added.

When the acquisition is completed this month, Waveset officials will help steer Sun's identity management. Waveset's products will be integrated with Sun's identity management offerings, such as Java System Network Identity Services, which includes the Java System Directory server, Java System Meta-Directory server, Java System Identity servers, Java Desktop System and Java Card technology.

Sun's backing will no doubt reassure Waveset's federal customers that the company will be around for a while and be able to support their requirements. The Defense Department, for instance, is a Waveset customer.

Mark McClain, president and founder of Waveset, said Sun is a company on the cutting edge of technology. It "has a strong presence in single sign-on and directory control," McClain said. "There is no real overlap" in the two companies' product portfolios, he said. But just as important, Sun has a global reach and a "deep presence in the government," he added.

BMC Software Inc. is not acquiring another company to extend the capabilities of its identity management software suite. Instead, the Houston-based company is partnering with another vendor. It is using Business Layers' eProvision technology to offer more provisioning and workflow capabilities to its Control-SA user-provisioning product.

The new product, Control-SA/eProvision, will include a rule-based workflow engine and functions for delegated user administration and self-services registration. The product will also offer Lightweight Directory Access Protocol management, comprehensive password management, and auditing and reporting capabilities.

Suppressing worm attacks

Fast-spreading Internet worms that are disrupting network operations worldwide are becoming even more serious than viruses because they replicate without a user even opening an e-mail attachment.

ForeScout Technologies Inc. is coming to the rescue with new antiworm software. WormScout protects networks by identifying worm-infected computers and preventing them from infecting other network segments.

Worms find and infect target machines to replicate themselves by network reconnaissance, said Tim Riley, vice president of marketing at ForeScout. They scan Internet ports looking for targeted machines that may contain a specific vulnerability they are programmed to exploit. The Blaster worm, for example, took advantage of a remote procedure call vulnerability in versions of Microsoft Corp. Windows machines, scanning for machines on port 135, the port on which remote procedure call services run.

To counter probing worms, WormScout servers, which can be placed throughout a corporate network, monitor traffic entering and exiting the protected segment. When a worm is identified, the software blocks it from spreading. A management server, which communicates with multiple WormScout servers distributed across the network, manages policy and collects worm activity information. Another component, the WormScout Enterprise Manager, provides a visual overview of network activity including a network map that displays the location of worm-infected computers, their IP addresses, their attempts to infect other computers and the steps taken to suppress them.

Another approach offering protection against worms and hackers comes from Sana Security Inc., a company that makes security software based on the principles of the human immune system. Company officials recently rolled out Primary Response 2.0, which provides server-based intrusion prevention for Linux, Microsoft Exchange Server and Windows Server 2003. The software detects anomalous code paths and blocks system call execution.